Procedures for Handling Security Patches Recommendations of the National Institute of Standards and Technology

Timely patching is critical to maintain the operational availability, confidentiality, & integrity of info. tech. (IT) systems. However, failure to keep OS & application software patched is the most common mistake made by IT prof'l's. New patches are released daily, & it is difficult for even experienced system admin. (SA) to keep abreast of all the new patches. Not all vulnerabilities have patches; thus, SA must not only be aware of vulnerabilities & patches, but also mitigate unpatchedÓ vulnerabilities through other methods. NIST recommends that org. have an explicit & documented patching & vulnerability policy & a systematic, accountable, & documented process for handling patches. Here are principles & methodologies for accomplishing this.Mell, Peter is the author of 'Procedures for Handling Security Patches Recommendations of the National Institute of Standards and Technology' with ISBN 9780756732035 and ISBN 0756732034.